ABSTRACT OF THE DISCLOSURE 

A method and an apparatus ensuring protection of digital data are provided. 

In addition to re-encrypting the data using an unchangeable key, the data is double 
re-encrypted using a changeable key. The changeable key is used first and the unchangeable key 
is then used, or in another case, the unchangeable key is used first, and the changeable key is then 
used. In the aspect of embodiments, there is a case adopting a software, a case adopting a 
hardware, or a case adopting the software and the hardware in combination. The hardware using 
the unchangeable key developed for digital video is available. In adopting the software, 
encryption/decryption is performed in a region below the kernel which cannot be handled by the 
user to ensure the security for the program and for the key used. More concretely, 
encryption/decryption is performed with RTOS using a HAL and a device driver, i.e., a filter 
driver, a disk driver and a network driver, in an I/O manager. Either one of two filter drivers, 
with a file system driver between them, may be used. Further, both filter drivers may be used. 
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(57) Abstract 

A method and a device capable of protecting digital data reliably. Digital data are doubly re-encrypted by using a fixed key and a 
variable key. The order of using the encrypting keys is first the variable key and then the fixed key, or first the fixed key and then the 
variable key. The working examples are exemplified by one using a software, one using a hardware and one using a combination of a 
software and a hardware. The hardware can use a fixed key which has been developed for digital video. The software performs 
encryption/decryption in a region other than a kernel portion which cannot be used by the user so as to keep the safety of the program " 
the key used. Specifically, the encryption/decryption are performed by a filter driver in an I/O manager, a device driver serving 
driver/net driver and an RTOS utilizing an HAL. Either or both of two filter drivers on both sides of a file system driver can be us\ 



